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WE CLAIM: 



1. A processing system comprising: 

a generation processor at a first computer to receive 
an original software product and to provide a first version of 
5 the software having a limited functionality and a second 

version of the software having increased functionality which is 
dependent upon and utilizes security- related attributes of the 
computer on which the software is to be executed; and 

an execution processor at the second computer, 
10 adapted to receive the versions of the software from the first 
computer, comprising: 

SS an assessor for identifying, prior to execution of 

= C the first version, the security-related attributes of the 
=p second computer; 

rl H 

its a version initiator for initiating the execution of 

M: the second version in the place of the first version if the 

security-related attributes of the second computer supports the 
ffl increased functionality of the second version during which the 

security-related attributes of the second computer are 
2 0 utilized; and 

a code processor for executing the version of the 
software to be executed. 

2. A generation processor at a first computer to receive 
an original software product and to provide a first version of 

2 5 the software having a limited functionality and second version 
of the software having increased functionality which is 
dependent upon and utilizes security-related attributes of the 
computer on which the program is to be executed, 
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whereby an execution processor at the second computer 
may receive the versions of the software from the first 
computer, identify, prior to execution of the first version, 
the security-related attributes of the second computer, 
5 initiate the execution of the second version in the place of 
the first version if the security-related attributes of the 
second computer supports the increased functionality of the 
second version during which the security- related attributes of 
the second computer are utilized, and execute the version of 
10 the software to be executed. 

3. The generation processor according to claim 2 

comprising: 

*j a mapper for generating a map of the functions of the 

original software product into versions of the software. 

3S 4 . The generation processor according to claim 2 

M comprising : 

IT. a generator for generating the versions of the 

fy software in accordance with a map of the functions of the 

™ original software product into versions of the software 

20 5. The generation processor according to claim 4 wherein 

the generator inserts logic into the versions for determining 
the security- related attributes of the" computer on which the 
software is to be executed. 

6. The generation processor according to claim 5 wherein 

25 the logic is incorporated in a dynamic link library. 

7 * The generation processor according to claim 4 wherein 

the generator adds logic into the versions to use the security- 
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related attributes of the computer on which the software is to 
be executed. 

8. The generation processor according to claim 7 wherein 

the logic is incorporated in a dynamic link library . 

5 9. The generation processor according to claim 3 wherein 

the generator modifies the system-level behavior of the 
software . 

10- The generation processor according to claim 9 wherein 

the generator modifies the file input/output resources used by 
10 the software, 

^ 11 • The generation processor according to claim 9 wherein 

%j the generator modifies the user-machine interface used by the 
= jr software. 

fy 12 . The generation processor according to claim 9 wherein 

the generator modifies the operating system resources as used 
by the application. 



• z 

5- .5=; 

5*5 a 



13 . The generation processor according to claim 12 

^ wherein the generator creates proxies. 

14- An execution processor at a second computer for 

2 0 receiving from a first computer, a software product for 

execution on the second computer in the form of a first version 
of the software having a limited functionality and a second 
version of the software having increased functionality which is 
dependent upon and utilizes security-related attributes of the 
25 computer on which the program is to be executed, the execution 
processor comprising: 
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an assessor for identifying, prior co execution of 
the first version, the security-related attributes of the 
second computer; 

a version initiator for initiating the execution of 
the second version in the place of the first version if the 
security-related attributes of the second computer supports the 
increased functionality of the second version during which the 
security-related attributes of the second computer are 
utilized; and 

a code processor for executing the version of the 
software to be executed. 



"J 15. The execution processor according to claim 14 wherein 

s £ the security-related attribute of the second computer on which 

^ the second version depends comprises an attribute of the 

life environment in which the second computer executes programs. 

= 16. The execution processor according to claim 15 wherein 

p g u the presence or absence of the attribute is used in conjunction 

fU with other attributes to compute a figure of merit which 

;z determines whether the second version can be executed. 

20 17. The execution processor according to claim 15 wherein 

the attribute comprises the presence or absence of an adjunct 
device on the second computer. 

18, The execution processor according to claim 17 wherein 

the adjunct device is tamper-resistant. 

25 19. The execution processor according to claim 17 wherein 

the adjunct device is a dongle. 
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20. The execution processor according to claim 15 wherein 

the attribute comprises the presence of an authenticable 
security capability on a network coupled to the second 
computer . 

5 21. The execution processor according to claim 15 wherein 

the attribute comprises the presence or absence of software for 
execution on t;he second computer. 

22. The execution processor according to claim 22 wherein 

the software comprises a run- time debugger. 

10 23. The execution processor according to claim 15 wherein 

p the attribute comprises the presence or absence of local 
storage with pre -determined attributes. 



1* 24, The execution processor according to claim 15 wherein 

=P the attribute comprises the presence or absence of a network 
lit connection . 



25. The execution processor according to claim 15 wherein 

the attribute comprises the presence or absence of a user 
fg certificate. 

^ 26. The execution processor according to claim 25 wherein 

20 the user certificate is an X.509 certificate. 

27. The execution processor according to claim 15 wherein 

the attribute comprises the presence or absence of a currently 
valid logon session with an identified user. 



25 



28. The execution processor according to claim 15 wherein 

the attribute comprises the presence or absence of an ^always- 
on" network connection * 
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29. The execution processor according to claim 15 wherein 

the attribute comprises evidence of registration of the 
upgraded program for the second computer. 

30 # xhe execution processor according to claim 15 wherein 

che attribute comprises the presence or absence of a 
cryptographic co-processor. 

31. The execution processor according to claim 15 wherein 
the attribute comprises the presence or absence of a smart-card 
reader adapted to be coupled with a smart -card. 

32. The execution processor according to claim 15 wherein 
the attribute comprises the presence or absence of a smart -card 
coupled e.o the second computer through a smart -card reader. 

33 _ The execution processor according to claim 15 wherein 

the attribute comprises the presence or absence of a 
=15 connection to the internet. 

34. The execution processor according to claim 15 wherein 
the attribute comprises an independent authentication for user 
identification. 

35. The execution processor according to claim 14, 

20 wherein the second computer initially installs only the first 
version from the first computer and the version initiator 
installs the second version of the software and executes it 
only if the security-related attributes of the second computer 
supports its increased functionality. 

25 36. The execution processor according to claim 35 wherein 

the receipt of the second version requires the security- related 
attributes of the second computer to be utilized. 
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37. The execution processor according to claim 36 wherein 

the second version is encrypted. 

33^ The execution processor according to claim 36 wherein 

the second version is accessed at a URL which is encrypted. 

5 39. The execution processor according to claim 14 wherein 

the version initiator makes use of metadata files. 

40, The execution processor according to claim 39 wherein 

the metadata files are require the security-related attributes 
of the second computer to be utilized. 

10 41. A method of selectively controlling the functionality 

of a software product, the method comprising the steps of: 



=K generating, at a first computer, a first version of 

% the software having a limited functionality and a second 
fU version of the software having increased functionality which is 
1*15 dependent upon and utilizes security-related attributes of the 
computer on which the program is to be executed; 

fU 

receiving the versions of the software from the first 
D computer, at a second computer for execution thereon; 

identifying, prior to execution of the first version, 
20 the security-related attributes of the second computer; 

initiating the execution of the second version in the 
place of the first version if the security-related attributes 
of the second computer supports the increased functionality of 
the second version during which the security- related attributes 
25 of the second computer are utilized; and 

executing the version of the software to be executed. 
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42. A computer- readable medium for storing computer- 

executable instructions which, when executed by a processor in 
a first computer, cause the processor to: 



first version of the software having a limited functionality 
and a second version of the software having increased 
functionality which is dependent upon and utilizes security- 
related attributes of the computer on which the program is to 
be executed/ 

whereby an execution processor at the second computer 
may receive the versions of the software from the first 
computer, identify, prior to execution of the first version, 
the security-related attributes of the second computer, 
initiate the execution of the second version in the place of 
the first version if the security-related attributes of the 
second computer supports the increased functionality of the 
second version during which the security-related attributes of 
the second computer are utilized and execute the version of the 
software to be executed. 

43 . A computer-readable medium for storing computer- 

executable instructions which, when executed by a processor in 
a second computer, cause the processor to: 



execution on the second computer in the form of a first version 
of the software having a limited functionality and a second 
version of the program having increased functionality which is 
dependent upon and utilizes security-related attributes of the 
computer on which the program is to be executed, 



receive an original software product and to provide a 



receive from a first computer, a software product for 
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identify, prior to execution of the first version, 
the security-related attributes of the second computer; 

initiate the execution of the second version in the 
place of the first version if the security-related attributes 
5 of the second computer supports the increased functionality of 
the second version during which the security-related attributes 
of the second computer are utilized; and 

execute the version of the software to be executed. 



